mirror of https://git.rancher.io/charts
Merge branch 'dev-v2.6' of https://github.com/rancher/charts into HEAD
Steven Crespo
commit
bb5558177b
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
|
@ -0,0 +1,13 @@
|
|||
annotations:
|
||||
catalog.cattle.io/certified: rancher
|
||||
catalog.cattle.io/hidden: "true"
|
||||
catalog.cattle.io/namespace: cattle-fleet-system
|
||||
catalog.cattle.io/os: linux
|
||||
catalog.cattle.io/permits-os: linux,windows
|
||||
catalog.cattle.io/release-name: fleet-agent
|
||||
apiVersion: v2
|
||||
appVersion: 0.3.10-rc1
|
||||
description: Fleet Manager Agent - GitOps at Scale
|
||||
icon: https://charts.rancher.io/assets/logos/fleet.svg
|
||||
name: fleet-agent
|
||||
version: 100.0.4+up0.3.10-rc1
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
Standalone Fleet users use this chart for agent-based registration [docs/agent-initiated.md](/docs/agent-initiated.md).
|
||||
Fleet in Rancher does not use this chart, but creates the agent deployments programmatically.
|
||||
|
||||
|
|
@ -0,0 +1,22 @@
|
|||
{{- define "system_default_registry" -}}
|
||||
{{- if .Values.global.cattle.systemDefaultRegistry -}}
|
||||
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
|
||||
{{- else -}}
|
||||
{{- "" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Windows cluster will add default taint for linux nodes,
|
||||
add below linux tolerations to workloads could be scheduled to those linux nodes
|
||||
*/}}
|
||||
{{- define "linux-node-tolerations" -}}
|
||||
- key: "cattle.io/os"
|
||||
value: "linux"
|
||||
effect: "NoSchedule"
|
||||
operator: "Equal"
|
||||
{{- end -}}
|
||||
|
||||
{{- define "linux-node-selector" -}}
|
||||
kubernetes.io/os: linux
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
kind: ConfigMap
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: fleet-agent
|
||||
data:
|
||||
config: |-
|
||||
{
|
||||
{{ if .Values.labels }}
|
||||
"labels":{{toJson .Values.labels}},
|
||||
{{ end }}
|
||||
"clientID":"{{.Values.clientID}}"
|
||||
}
|
||||
|
|
@ -0,0 +1,37 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: fleet-agent
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: fleet-agent
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: fleet-agent
|
||||
spec:
|
||||
containers:
|
||||
- env:
|
||||
- name: NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
image: '{{ template "system_default_registry" . }}{{.Values.image.repository}}:{{.Values.image.tag}}'
|
||||
name: fleet-agent
|
||||
command:
|
||||
- fleetagent
|
||||
{{- if .Values.debug }}
|
||||
- --debug
|
||||
- --debug-level
|
||||
- {{ quote .Values.debugLevel }}
|
||||
{{- end }}
|
||||
serviceAccountName: fleet-agent
|
||||
nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
|
||||
{{- if .Values.fleetAgent.nodeSelector }}
|
||||
{{ toYaml .Values.fleetAgent.nodeSelector | indent 8 }}
|
||||
{{- end }}
|
||||
tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
|
||||
{{- if .Values.fleetAgent.tolerations }}
|
||||
{{ toYaml .Values.fleetAgent.tolerations | indent 8 }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: default-allow-all
|
||||
namespace: {{ .Values.internal.systemNamespace }}
|
||||
spec:
|
||||
podSelector: {}
|
||||
ingress:
|
||||
- {}
|
||||
egress:
|
||||
- {}
|
||||
policyTypes:
|
||||
- Ingress
|
||||
- Egress
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: patch-fleet-sa
|
||||
annotations:
|
||||
"helm.sh/hook": post-install, post-upgrade
|
||||
"helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
serviceAccountName: fleet-agent
|
||||
restartPolicy: Never
|
||||
containers:
|
||||
- name: sa
|
||||
image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
|
||||
command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
|
||||
args: ["-n", {{ .Values.internal.systemNamespace }}]
|
||||
nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
|
||||
{{- if .Values.kubectl.nodeSelector }}
|
||||
{{ toYaml .Values.kubectl.nodeSelector | indent 8 }}
|
||||
{{- end }}
|
||||
tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
|
||||
{{- if .Values.kubectl.tolerations }}
|
||||
{{ toYaml .Values.kubectl.tolerations | indent 8 }}
|
||||
{{- end }}
|
||||
backoffLimit: 1
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: fleet-agent-system-fleet-agent-role
|
||||
rules:
|
||||
- apiGroups:
|
||||
- '*'
|
||||
resources:
|
||||
- '*'
|
||||
verbs:
|
||||
- '*'
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: fleet-agent-system-fleet-agent-role-binding
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: fleet-agent-system-fleet-agent-role
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: fleet-agent
|
||||
namespace: {{.Release.Namespace}}
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
apiVersion: v1
|
||||
data:
|
||||
systemRegistrationNamespace: "{{b64enc .Values.systemRegistrationNamespace}}"
|
||||
clusterNamespace: "{{b64enc .Values.clusterNamespace}}"
|
||||
token: "{{b64enc .Values.token}}"
|
||||
apiServerURL: "{{b64enc .Values.apiServerURL}}"
|
||||
apiServerCA: "{{b64enc .Values.apiServerCA}}"
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: fleet-agent-bootstrap
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: fleet-agent
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
{{if ne .Release.Namespace .Values.internal.systemNamespace }}
|
||||
{{ fail (printf "This chart must be installed in the namespace %s as the release name fleet-agent" .Values.internal.systemNamespace) }}
|
||||
{{end}}
|
||||
|
||||
{{if ne .Release.Name .Values.internal.managedReleaseName }}
|
||||
{{ fail (printf "This chart must be installed in the namespace %s as the release name fleet-agent" .Values.internal.managedReleaseName) }}
|
||||
{{end}}
|
||||
|
||||
{{if not .Values.apiServerURL }}
|
||||
{{ fail "apiServerURL is required to be set, and most likely also apiServerCA" }}
|
||||
{{end}}
|
||||
|
|
@ -0,0 +1,63 @@
|
|||
image:
|
||||
os: "windows,linux"
|
||||
repository: rancher/fleet-agent
|
||||
tag: v0.3.10-rc1
|
||||
|
||||
# The public URL of the Kubernetes API server running the Fleet Manager must be set here
|
||||
# Example: https://example.com:6443
|
||||
apiServerURL: ""
|
||||
|
||||
# The the pem encoded value of the CA of the Kubernetes API server running the Fleet Manager.
|
||||
# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA.
|
||||
apiServerCA: ""
|
||||
|
||||
# The cluster registration value
|
||||
token: ""
|
||||
|
||||
# Labels to add to the cluster upon registration only. They are not added after the fact.
|
||||
#labels:
|
||||
# foo: bar
|
||||
|
||||
# The client ID of the cluster to associate with
|
||||
clientID: ""
|
||||
|
||||
# The namespace of the cluster we are register with
|
||||
clusterNamespace: ""
|
||||
|
||||
# The namespace containing the clusters registration secrets
|
||||
systemRegistrationNamespace: fleet-clusters-system
|
||||
|
||||
# Please do not change the below setting unless you really know what you are doing
|
||||
internal:
|
||||
systemNamespace: fleet-system
|
||||
managedReleaseName: fleet-agent
|
||||
|
||||
# The nodeSelector and tolerations for the agent deployment
|
||||
fleetAgent:
|
||||
## Node labels for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
||||
##
|
||||
nodeSelector: {}
|
||||
## List of node taints to tolerate (requires Kubernetes >= 1.6)
|
||||
tolerations: []
|
||||
kubectl:
|
||||
## Node labels for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
||||
##
|
||||
nodeSelector: {}
|
||||
## List of node taints to tolerate (requires Kubernetes >= 1.6)
|
||||
tolerations:
|
||||
- key: node.cloudprovider.kubernetes.io/uninitialized
|
||||
operator: "Equal"
|
||||
value: "true"
|
||||
effect: NoSchedule
|
||||
|
||||
global:
|
||||
cattle:
|
||||
systemDefaultRegistry: ""
|
||||
kubectl:
|
||||
repository: rancher/kubectl
|
||||
tag: v1.21.5
|
||||
|
||||
debug: false
|
||||
debugLevel: 0
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
annotations:
|
||||
catalog.cattle.io/certified: rancher
|
||||
catalog.cattle.io/hidden: "true"
|
||||
catalog.cattle.io/namespace: cattle-fleet-system
|
||||
catalog.cattle.io/os: linux
|
||||
catalog.cattle.io/permits-os: linux,windows
|
||||
catalog.cattle.io/release-name: fleet-crd
|
||||
apiVersion: v2
|
||||
appVersion: 0.3.10-rc1
|
||||
description: Fleet Manager CustomResourceDefinitions
|
||||
icon: https://charts.rancher.io/assets/logos/fleet.svg
|
||||
name: fleet-crd
|
||||
version: 100.0.4+up0.3.10-rc1
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
|
@ -0,0 +1 @@
|
|||
# This file is intentionally empty
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
annotations:
|
||||
catalog.cattle.io/auto-install: fleet-crd=match
|
||||
catalog.cattle.io/certified: rancher
|
||||
catalog.cattle.io/experimental: "true"
|
||||
catalog.cattle.io/hidden: "true"
|
||||
catalog.cattle.io/namespace: cattle-fleet-system
|
||||
catalog.cattle.io/os: linux
|
||||
catalog.cattle.io/permits-os: linux,windows
|
||||
catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1
|
||||
catalog.cattle.io/release-name: fleet
|
||||
apiVersion: v2
|
||||
appVersion: 0.3.10-rc1
|
||||
dependencies:
|
||||
- condition: gitops.enabled
|
||||
name: gitjob
|
||||
repository: file://./charts/gitjob
|
||||
description: Fleet Manager - GitOps at Scale
|
||||
icon: https://charts.rancher.io/assets/logos/fleet.svg
|
||||
name: fleet
|
||||
version: 100.0.4+up0.3.10-rc1
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*.orig
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
apiVersion: v2
|
||||
appVersion: 0.1.26
|
||||
description: Controller that run jobs based on git events
|
||||
name: gitjob
|
||||
version: 0.1.26
|
||||
|
|
@ -0,0 +1,22 @@
|
|||
{{- define "system_default_registry" -}}
|
||||
{{- if .Values.global.cattle.systemDefaultRegistry -}}
|
||||
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
|
||||
{{- else -}}
|
||||
{{- "" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Windows cluster will add default taint for linux nodes,
|
||||
add below linux tolerations to workloads could be scheduled to those linux nodes
|
||||
*/}}
|
||||
{{- define "linux-node-tolerations" -}}
|
||||
- key: "cattle.io/os"
|
||||
value: "linux"
|
||||
effect: "NoSchedule"
|
||||
operator: "Equal"
|
||||
{{- end -}}
|
||||
|
||||
{{- define "linux-node-selector" -}}
|
||||
kubernetes.io/os: linux
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: gitjob
|
||||
rules:
|
||||
- apiGroups:
|
||||
- "batch"
|
||||
resources:
|
||||
- 'jobs'
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- 'pods'
|
||||
verbs:
|
||||
- 'list'
|
||||
- 'get'
|
||||
- 'watch'
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- 'secrets'
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- 'configmaps'
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- "gitjob.cattle.io"
|
||||
resources:
|
||||
- "gitjobs"
|
||||
- "gitjobs/status"
|
||||
verbs:
|
||||
- "*"
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: gitjob-binding
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: gitjob
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: gitjob
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
|
@ -0,0 +1,45 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: gitjob
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: "gitjob"
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: "gitjob"
|
||||
spec:
|
||||
serviceAccountName: gitjob
|
||||
containers:
|
||||
- image: "{{ template "system_default_registry" . }}{{ .Values.gitjob.repository }}:{{ .Values.gitjob.tag }}"
|
||||
name: gitjob
|
||||
command:
|
||||
- gitjob
|
||||
{{- if .Values.debug }}
|
||||
- --debug
|
||||
{{- end }}
|
||||
- --tekton-image
|
||||
- "{{ template "system_default_registry" . }}{{ .Values.tekton.repository }}:{{ .Values.tekton.tag }}"
|
||||
env:
|
||||
- name: NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
{{- if .Values.proxy }}
|
||||
- name: HTTP_PROXY
|
||||
value: {{ .Values.proxy }}
|
||||
- name: HTTPS_PROXY
|
||||
value: {{ .Values.proxy }}
|
||||
- name: NO_PROXY
|
||||
value: {{ .Values.noProxy }}
|
||||
{{- end }}
|
||||
nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
|
||||
{{- if .Values.nodeSelector }}
|
||||
{{ toYaml .Values.nodeSelector | indent 8 }}
|
||||
{{- end }}
|
||||
tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
|
||||
{{- if .Values.tolerations }}
|
||||
{{ toYaml .Values.tolerations | indent 8 }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: gitjob
|
||||
spec:
|
||||
ports:
|
||||
- name: http-80
|
||||
port: 80
|
||||
protocol: TCP
|
||||
targetPort: 8080
|
||||
selector:
|
||||
app: "gitjob"
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: gitjob
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
gitjob:
|
||||
repository: rancher/gitjob
|
||||
tag: v0.1.26
|
||||
|
||||
tekton:
|
||||
repository: rancher/tekton-utils
|
||||
tag: v0.1.5
|
||||
|
||||
global:
|
||||
cattle:
|
||||
systemDefaultRegistry: ""
|
||||
|
||||
# http[s] proxy server
|
||||
# proxy: http://<username>@<password>:<url>:<port>
|
||||
|
||||
# comma separated list of domains or ip addresses that will not use the proxy
|
||||
noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local
|
||||
|
||||
## Node labels for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
||||
##
|
||||
nodeSelector: {}
|
||||
## List of node taints to tolerate (requires Kubernetes >= 1.6)
|
||||
tolerations: []
|
||||
|
||||
debug: false
|
||||
|
|
@ -0,0 +1,22 @@
|
|||
{{- define "system_default_registry" -}}
|
||||
{{- if .Values.global.cattle.systemDefaultRegistry -}}
|
||||
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
|
||||
{{- else -}}
|
||||
{{- "" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Windows cluster will add default taint for linux nodes,
|
||||
add below linux tolerations to workloads could be scheduled to those linux nodes
|
||||
*/}}
|
||||
{{- define "linux-node-tolerations" -}}
|
||||
- key: "cattle.io/os"
|
||||
value: "linux"
|
||||
effect: "NoSchedule"
|
||||
operator: "Equal"
|
||||
{{- end -}}
|
||||
|
||||
{{- define "linux-node-selector" -}}
|
||||
kubernetes.io/os: linux
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,24 @@
|
|||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: fleet-controller
|
||||
data:
|
||||
config: |
|
||||
{
|
||||
"agentImage": "{{ template "system_default_registry" . }}{{.Values.agentImage.repository}}:{{.Values.agentImage.tag}}",
|
||||
"agentImagePullPolicy": "{{ .Values.agentImage.imagePullPolicy }}",
|
||||
"apiServerURL": "{{.Values.apiServerURL}}",
|
||||
"apiServerCA": "{{b64enc .Values.apiServerCA}}",
|
||||
"agentCheckinInterval": "{{.Values.agentCheckinInterval}}",
|
||||
"ignoreClusterRegistrationLabels": {{.Values.ignoreClusterRegistrationLabels}},
|
||||
"bootstrap": {
|
||||
"paths": "{{.Values.bootstrap.paths}}",
|
||||
"repo": "{{.Values.bootstrap.repo}}",
|
||||
"secret": "{{.Values.bootstrap.secret}}",
|
||||
"branch": "{{.Values.bootstrap.branch}}",
|
||||
"namespace": "{{.Values.bootstrap.namespace}}",
|
||||
"agentNamespace": "{{.Values.bootstrap.agentNamespace}}",
|
||||
},
|
||||
"webhookReceiverURL": "{{.Values.webhookReceiverURL}}",
|
||||
"githubURLPrefix": "{{.Values.githubURLPrefix}}"
|
||||
}
|
||||
|
|
@ -0,0 +1,49 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: fleet-controller
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: fleet-controller
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: fleet-controller
|
||||
spec:
|
||||
containers:
|
||||
- env:
|
||||
- name: NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
{{- if .Values.proxy }}
|
||||
- name: HTTP_PROXY
|
||||
value: {{ .Values.proxy }}
|
||||
- name: HTTPS_PROXY
|
||||
value: {{ .Values.proxy }}
|
||||
- name: NO_PROXY
|
||||
value: {{ .Values.noProxy }}
|
||||
{{- end }}
|
||||
image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
|
||||
name: fleet-controller
|
||||
imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
|
||||
command:
|
||||
- fleetcontroller
|
||||
{{- if .Values.debug }}
|
||||
- --debug
|
||||
- --debug-level
|
||||
- {{ quote .Values.debugLevel }}
|
||||
{{- end }}
|
||||
{{- if not .Values.gitops.enabled }}
|
||||
- --disable-gitops
|
||||
{{- end }}
|
||||
serviceAccountName: fleet-controller
|
||||
nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
|
||||
{{- if .Values.nodeSelector }}
|
||||
{{ toYaml .Values.nodeSelector | indent 8 }}
|
||||
{{- end }}
|
||||
tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
|
||||
{{- if .Values.tolerations }}
|
||||
{{ toYaml .Values.tolerations | indent 8 }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,106 @@
|
|||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: fleet-controller
|
||||
rules:
|
||||
- apiGroups:
|
||||
- gitjob.cattle.io
|
||||
resources:
|
||||
- '*'
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- fleet.cattle.io
|
||||
resources:
|
||||
- '*'
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- namespaces
|
||||
- serviceaccounts
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
- configmaps
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- rbac.authorization.k8s.io
|
||||
resources:
|
||||
- clusterroles
|
||||
- clusterrolebindings
|
||||
- roles
|
||||
- rolebindings
|
||||
verbs:
|
||||
- '*'
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: fleet-controller
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: fleet-controller
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: fleet-controller
|
||||
namespace: {{.Release.Namespace}}
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: fleet-controller
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
verbs:
|
||||
- '*'
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: fleet-controller
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: fleet-controller
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: fleet-controller
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: fleet-controller-bootstrap
|
||||
rules:
|
||||
- apiGroups:
|
||||
- '*'
|
||||
resources:
|
||||
- '*'
|
||||
verbs:
|
||||
- '*'
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: fleet-controller-bootstrap
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: fleet-controller-bootstrap
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: fleet-controller-bootstrap
|
||||
namespace: {{.Release.Namespace}}
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: fleet-controller
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: fleet-controller-bootstrap
|
||||
|
|
@ -0,0 +1,60 @@
|
|||
image:
|
||||
repository: rancher/fleet
|
||||
tag: v0.3.10-rc1
|
||||
imagePullPolicy: IfNotPresent
|
||||
|
||||
agentImage:
|
||||
repository: rancher/fleet-agent
|
||||
tag: v0.3.10-rc1
|
||||
imagePullPolicy: IfNotPresent
|
||||
|
||||
# For cluster registration the public URL of the Kubernetes API server must be set here
|
||||
# Example: https://example.com:6443
|
||||
apiServerURL: ""
|
||||
|
||||
# For cluster registration the pem encoded value of the CA of the Kubernetes API server must be set here
|
||||
# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA.
|
||||
apiServerCA: ""
|
||||
|
||||
# A duration string for how often agents should report a heartbeat
|
||||
agentCheckinInterval: "15m"
|
||||
|
||||
# Whether you want to allow cluster upon registration to specify their labels.
|
||||
ignoreClusterRegistrationLabels: false
|
||||
|
||||
# http[s] proxy server
|
||||
# proxy: http://<username>@<password>:<url>:<port>
|
||||
|
||||
# comma separated list of domains or ip addresses that will not use the proxy
|
||||
noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local
|
||||
|
||||
bootstrap:
|
||||
# The namespace that will be autocreated and the local cluster will be registered in
|
||||
namespace: fleet-local
|
||||
# The namespace where the fleet agent for the local cluster will be ran, if empty
|
||||
# this will default to fleet-system
|
||||
agentNamespace: ""
|
||||
# A repo to add at install time that will deploy to the local cluster. This allows
|
||||
# one to fully bootstrap fleet, it's configuration and all it's downstream clusters
|
||||
# in one shot.
|
||||
repo: ""
|
||||
secret: ""
|
||||
branch: master
|
||||
paths: ""
|
||||
|
||||
global:
|
||||
cattle:
|
||||
systemDefaultRegistry: ""
|
||||
|
||||
## Node labels for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
||||
##
|
||||
nodeSelector: {}
|
||||
## List of node taints to tolerate (requires Kubernetes >= 1.6)
|
||||
tolerations: []
|
||||
|
||||
gitops:
|
||||
enabled: true
|
||||
|
||||
debug: false
|
||||
debugLevel: 0
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*.orig
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
|
|
@ -0,0 +1,21 @@
|
|||
annotations:
|
||||
catalog.cattle.io/certified: rancher
|
||||
catalog.cattle.io/display-name: Harvester CSI Driver
|
||||
catalog.cattle.io/kube-version: '>= 1.18.0-0 < 1.24.0-0'
|
||||
catalog.cattle.io/namespace: kube-system
|
||||
catalog.cattle.io/os: linux
|
||||
catalog.cattle.io/permits-os: linux
|
||||
catalog.cattle.io/rancher-version: '>= 2.6.1-0 < 2.7.0-0'
|
||||
catalog.cattle.io/release-name: harvester-csi-driver
|
||||
catalog.cattle.io/ui-component: harvester-csi-driver
|
||||
apiVersion: v2
|
||||
appVersion: v0.1.3
|
||||
description: A Helm chart for Harvester CSI driver
|
||||
keywords:
|
||||
- infrastructure
|
||||
- harvester
|
||||
maintainers:
|
||||
- name: harvester
|
||||
name: harvester-csi-driver
|
||||
type: application
|
||||
version: 100.0.2+up0.1.14
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
categories:
|
||||
- infrastructure
|
||||
- harvester
|
||||
namespace: kube-system
|
||||
questions:
|
||||
- variable: cloudConfig.hostPath
|
||||
label: Cloud config file path
|
||||
description: "Specify the path of the cloud config."
|
||||
group: "Default"
|
||||
type: string
|
||||
default: "/etc/kubernetes/cloud-config"
|
||||
|
|
@ -0,0 +1 @@
|
|||
Successfully deployed Harvester CSI driver to the {{ .Release.Namespace }} namespace.
|
||||
|
|
@ -0,0 +1,62 @@
|
|||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "harvester-csi-driver.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "harvester-csi-driver.fullname" -}}
|
||||
{{- if .Values.fullnameOverride }}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride }}
|
||||
{{- if contains $name .Release.Name }}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "harvester-csi-driver.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "harvester-csi-driver.labels" -}}
|
||||
helm.sh/chart: {{ include "harvester-csi-driver.chart" . }}
|
||||
{{ include "harvester-csi-driver.selectorLabels" . }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "harvester-csi-driver.selectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "harvester-csi-driver.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Global system default registry
|
||||
*/}}
|
||||
{{- define "system_default_registry" -}}
|
||||
{{- if .Values.global.cattle.systemDefaultRegistry -}}
|
||||
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
|
||||
{{- else -}}
|
||||
{{- "" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
apiVersion: storage.k8s.io/v1
|
||||
kind: CSIDriver
|
||||
metadata:
|
||||
name: driver.harvesterhci.io
|
||||
spec:
|
||||
attachRequired: true
|
||||
fsGroupPolicy: ReadWriteOnceWithFSType
|
||||
podInfoOnMount: true
|
||||
volumeLifecycleModes:
|
||||
- Persistent
|
||||
|
|
@ -0,0 +1,149 @@
|
|||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: {{ include "harvester-csi-driver.name" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "harvester-csi-driver.labels" . | nindent 4 }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
component: csi-driver
|
||||
{{- include "harvester-csi-driver.selectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
component: csi-driver
|
||||
{{- include "harvester-csi-driver.selectorLabels" . | nindent 8 }}
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- --v=5
|
||||
- --csi-address=$(ADDRESS)
|
||||
- --kubelet-registration-path={{ .Values.kubeletRootDir }}/harvester-plugins/driver.harvesterhci.io/csi.sock
|
||||
env:
|
||||
- name: ADDRESS
|
||||
value: /csi/csi.sock
|
||||
image: {{ template "system_default_registry" . }}{{ .Values.image.csi.nodeDriverRegistrar.repository }}:{{ .Values.image.csi.nodeDriverRegistrar.tag }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
lifecycle:
|
||||
preStop:
|
||||
exec:
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- rm -rf /registration/driver.harvesterhci.io-reg.sock
|
||||
/csi//*
|
||||
name: node-driver-registrar
|
||||
securityContext:
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
- mountPath: /csi/
|
||||
name: socket-dir
|
||||
- mountPath: /registration
|
||||
name: registration-dir
|
||||
- args:
|
||||
- --nodeid=$(NODE_ID)
|
||||
- --endpoint=$(CSI_ENDPOINT)
|
||||
- --kubeconfig=/var/lib/harvester/cloud-provider-config
|
||||
env:
|
||||
- name: NODE_ID
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: spec.nodeName
|
||||
- name: CSI_ENDPOINT
|
||||
value: unix:///csi/csi.sock
|
||||
image: {{ template "system_default_registry" . }}{{ .Values.image.harvester.csiDriver.repository }}:{{ .Values.image.harvester.csiDriver.tag | default .Chart.AppVersion }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
lifecycle:
|
||||
preStop:
|
||||
exec:
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- rm -f /csi//*
|
||||
name: harvester-csi-driver
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: true
|
||||
capabilities:
|
||||
add:
|
||||
- SYS_ADMIN
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
- name: cloud-config
|
||||
readOnly: true
|
||||
mountPath: /var/lib/harvester
|
||||
- name: kubernetes
|
||||
readOnly: true
|
||||
mountPath: /etc/kubernetes
|
||||
- mountPath: {{ .Values.kubeletRootDir }}/plugins/kubernetes.io/csi
|
||||
mountPropagation: Bidirectional
|
||||
name: kubernetes-csi-dir
|
||||
- mountPath: /csi/
|
||||
name: socket-dir
|
||||
- mountPath: {{ .Values.kubeletRootDir }}/pods
|
||||
mountPropagation: Bidirectional
|
||||
name: pods-mount-dir
|
||||
- mountPath: /dev
|
||||
name: host-dev
|
||||
- mountPath: /sys
|
||||
name: host-sys
|
||||
- mountPath: /rootfs
|
||||
mountPropagation: Bidirectional
|
||||
name: host
|
||||
- mountPath: /lib/modules
|
||||
name: lib-modules
|
||||
readOnly: true
|
||||
hostPID: true
|
||||
serviceAccountName: {{ include "harvester-csi-driver.name" . }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: cloud-config
|
||||
{{- if .Values.cloudConfig.secretName }}
|
||||
secret:
|
||||
secretName: {{ .Values.cloudConfig.secretName }}
|
||||
{{- else }}
|
||||
hostPath:
|
||||
path: {{ .Values.cloudConfig.hostPath }}
|
||||
type: DirectoryOrCreate
|
||||
{{- end }}
|
||||
- hostPath:
|
||||
path: /etc/kubernetes
|
||||
type: DirectoryOrCreate
|
||||
name: kubernetes
|
||||
- hostPath:
|
||||
path: {{ .Values.kubeletRootDir }}/plugins/kubernetes.io/csi
|
||||
type: DirectoryOrCreate
|
||||
name: kubernetes-csi-dir
|
||||
- hostPath:
|
||||
path: {{ .Values.kubeletRootDir }}/plugins_registry
|
||||
type: Directory
|
||||
name: registration-dir
|
||||
- hostPath:
|
||||
path: {{ .Values.kubeletRootDir }}/harvester-plugins/driver.harvesterhci.io
|
||||
type: DirectoryOrCreate
|
||||
name: socket-dir
|
||||
- hostPath:
|
||||
path: {{ .Values.kubeletRootDir }}/pods
|
||||
type: DirectoryOrCreate
|
||||
name: pods-mount-dir
|
||||
- hostPath:
|
||||
path: /dev
|
||||
name: host-dev
|
||||
- hostPath:
|
||||
path: /sys
|
||||
name: host-sys
|
||||
- hostPath:
|
||||
path: /
|
||||
name: host
|
||||
- hostPath:
|
||||
path: /lib/modules
|
||||
name: lib-modules
|
||||
|
|
@ -0,0 +1,95 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "harvester-csi-driver.name" . }}-controllers
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "harvester-csi-driver.labels" . | nindent 4 }}
|
||||
spec:
|
||||
replicas: {{ .Values.replicasCount }}
|
||||
selector:
|
||||
matchLabels:
|
||||
component: csi-controllers
|
||||
{{- include "harvester-csi-driver.selectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
component: csi-controllers
|
||||
{{- include "harvester-csi-driver.selectorLabels" . | nindent 8 }}
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- --v=5
|
||||
- --csi-address=$(ADDRESS)
|
||||
- --timeout=1m50s
|
||||
- --leader-election
|
||||
- --leader-election-namespace=$(POD_NAMESPACE)
|
||||
env:
|
||||
- name: ADDRESS
|
||||
value: /csi/csi.sock
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: metadata.namespace
|
||||
image: {{ template "system_default_registry" . }}{{ .Values.image.csi.resizer.repository }}:{{ .Values.image.csi.resizer.tag }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
name: csi-resizer
|
||||
volumeMounts:
|
||||
- mountPath: /csi/
|
||||
name: socket-dir
|
||||
- args:
|
||||
- --v=5
|
||||
- --csi-address=$(ADDRESS)
|
||||
- --timeout=1m50s
|
||||
- --leader-election
|
||||
- --leader-election-namespace=$(POD_NAMESPACE)
|
||||
- --default-fstype=ext4
|
||||
env:
|
||||
- name: ADDRESS
|
||||
value: /csi/csi.sock
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: metadata.namespace
|
||||
image: {{ template "system_default_registry" . }}{{ .Values.image.csi.provisioner.repository }}:{{ .Values.image.csi.provisioner.tag }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
name: csi-provisioner
|
||||
volumeMounts:
|
||||
- mountPath: /csi/
|
||||
name: socket-dir
|
||||
- args:
|
||||
- --v=5
|
||||
- --csi-address=$(ADDRESS)
|
||||
- --timeout=1m50s
|
||||
- --leader-election
|
||||
- --leader-election-namespace=$(POD_NAMESPACE)
|
||||
env:
|
||||
- name: ADDRESS
|
||||
value: /csi/csi.sock
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: metadata.namespace
|
||||
image: {{ template "system_default_registry" . }}{{ .Values.image.csi.attacher.repository }}:{{ .Values.image.csi.attacher.tag }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
name: csi-attacher
|
||||
volumeMounts:
|
||||
- mountPath: /csi/
|
||||
name: socket-dir
|
||||
serviceAccountName: {{ include "harvester-csi-driver.name" . }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- hostPath:
|
||||
path: {{ .Values.kubeletRootDir }}/harvester-plugins/driver.harvesterhci.io
|
||||
type: DirectoryOrCreate
|
||||
name: socket-dir
|
||||
|
|
@ -0,0 +1,75 @@
|
|||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "harvester-csi-driver.name" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "harvester-csi-driver.labels" . | nindent 4 }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ include "harvester-csi-driver.name" . }}
|
||||
labels:
|
||||
{{- include "harvester-csi-driver.labels" . | nindent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ include "harvester-csi-driver.name" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "harvester-csi-driver.name" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ include "harvester-csi-driver.name" . }}
|
||||
labels:
|
||||
{{- include "harvester-csi-driver.labels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups: [ "coordination.k8s.io" ]
|
||||
resources: [ "leases" ]
|
||||
verbs: [ "get", "watch", "list", "delete", "update", "create" ]
|
||||
- apiGroups: [ "storage.k8s.io" ]
|
||||
resources: [ "csistoragecapacities" ]
|
||||
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
|
||||
- apiGroups: [""]
|
||||
resources: ["persistentvolumes"]
|
||||
verbs: [ "get", "list", "watch", "create","update", "patch", "delete" ]
|
||||
- apiGroups: [""]
|
||||
resources: ["persistentvolumeclaims"]
|
||||
verbs: ["get", "list", "watch", "create","update", "patch", "delete" ]
|
||||
- apiGroups: [""]
|
||||
resources: ["persistentvolumeclaims/status"]
|
||||
verbs: ["patch"]
|
||||
- apiGroups: ["storage.k8s.io"]
|
||||
resources: ["storageclasses"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshots"]
|
||||
verbs: ["get", "list"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshotcontents"]
|
||||
verbs: ["get", "list"]
|
||||
- apiGroups: [ "storage.k8s.io" ]
|
||||
resources: [ "csinodes" ]
|
||||
verbs: [ "get", "list", "watch" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "events" ]
|
||||
verbs: [ "list", "watch", "create", "update", "patch" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "pods" ]
|
||||
verbs: [ "get", "list", "watch" ]
|
||||
- apiGroups: [ "apps" ]
|
||||
resources: [ "replicasets" ]
|
||||
verbs: [ "get" ]
|
||||
- apiGroups: [""]
|
||||
resources: ["nodes"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: ["storage.k8s.io"]
|
||||
resources: ["volumeattachments"]
|
||||
verbs: ["get", "list", "watch", "patch"]
|
||||
- apiGroups: [ "storage.k8s.io" ]
|
||||
resources: [ "volumeattachments/status" ]
|
||||
verbs: [ "patch" ]
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
apiVersion: storage.k8s.io/v1
|
||||
kind: StorageClass
|
||||
metadata:
|
||||
name: harvester
|
||||
annotations:
|
||||
storageclass.kubernetes.io/is-default-class: "true"
|
||||
allowVolumeExpansion: true
|
||||
provisioner: driver.harvesterhci.io
|
||||
reclaimPolicy: Delete
|
||||
volumeBindingMode: Immediate
|
||||
|
|
@ -0,0 +1,54 @@
|
|||
# Default values for harvester-csi-driver.
|
||||
|
||||
replicasCount: 3
|
||||
|
||||
image:
|
||||
harvester:
|
||||
csiDriver:
|
||||
repository: rancher/harvester-csi-driver
|
||||
# Overrides the image tag whose default is the chart appVersion.
|
||||
tag: "v0.1.3"
|
||||
csi:
|
||||
nodeDriverRegistrar:
|
||||
repository: rancher/mirrored-longhornio-csi-node-driver-registrar
|
||||
tag: v2.3.0
|
||||
resizer:
|
||||
repository: rancher/mirrored-longhornio-csi-resizer
|
||||
tag: v1.2.0
|
||||
provisioner:
|
||||
repository: rancher/mirrored-longhornio-csi-provisioner
|
||||
tag: v2.1.2
|
||||
attacher:
|
||||
repository: rancher/mirrored-longhornio-csi-attacher
|
||||
tag: v3.2.1
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
nameOverride: ""
|
||||
fullnameOverride: ""
|
||||
|
||||
kubeletRootDir: /var/lib/kubelet
|
||||
cloudConfig:
|
||||
secretName: ""
|
||||
hostPath: "/var/lib/rancher/rke2/etc/config-files/"
|
||||
|
||||
nodeSelector:
|
||||
kubernetes.io/os: linux
|
||||
|
||||
tolerations:
|
||||
- effect: NoSchedule
|
||||
key: kubevirt.io/drain
|
||||
operator: Exists
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/control-plane
|
||||
operator: Equal
|
||||
- effect: NoExecute
|
||||
key: node-role.kubernetes.io/etcd
|
||||
operator: Equal
|
||||
- key: cattle.io/os
|
||||
operator: Equal
|
||||
value: "linux"
|
||||
effect: NoSchedule
|
||||
|
||||
global:
|
||||
cattle:
|
||||
systemDefaultRegistry: ""
|
||||
|
|
@ -7,4 +7,4 @@ apiVersion: v1
|
|||
description: Installs the CRDs for rancher-cis-benchmark.
|
||||
name: rancher-cis-benchmark-crd
|
||||
type: application
|
||||
version: 2.0.5-rc2
|
||||
version: 2.0.5-rc3
|
||||
|
|
@ -2,7 +2,7 @@ annotations:
|
|||
catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match
|
||||
catalog.cattle.io/certified: rancher
|
||||
catalog.cattle.io/display-name: CIS Benchmark
|
||||
catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.24.0-0'
|
||||
catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.25.0-0'
|
||||
catalog.cattle.io/namespace: cis-operator-system
|
||||
catalog.cattle.io/os: linux
|
||||
catalog.cattle.io/permits-os: linux,windows
|
||||
|
|
@ -12,11 +12,11 @@ annotations:
|
|||
catalog.cattle.io/type: cluster-tool
|
||||
catalog.cattle.io/ui-component: rancher-cis-benchmark
|
||||
apiVersion: v1
|
||||
appVersion: v2.0.5-rc2
|
||||
appVersion: v2.0.5-rc3
|
||||
description: The cis-operator enables running CIS benchmark security scans on a kubernetes
|
||||
cluster
|
||||
icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
|
||||
keywords:
|
||||
- security
|
||||
name: rancher-cis-benchmark
|
||||
version: 2.0.5-rc2
|
||||
version: 2.0.5-rc3
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue